Will this rule still work if ether1/wlan1 are in a bridge with WDS? I would think the traffic would hit the bridge1 interface, wouldn't it?
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Nov 30, 2011 at 2:32 PM, Butch Evans <[email protected]> wrote: > On Wed, 2011-11-30 at 08:13 -0500, Josh Luthman wrote: >> Would that permit the customer to still have a dhcp client behind it? >> In my case, the customer would have a wlan1/ether1 wds bridge. > > If we use the in-interface=ether1 in the rule, we are limiting DHCPOFFER > coming from a DHCP server that exists on ether1. So it should not > interfere with a server on the WAN side (wlan1). This rule will ONLY > limit the DHCPOFFER packet, which is always src-port=67 and dst-port=68. > This is detailed here: > http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Technical_details > > DHCP-client requests are src-port=68 and dst-port=67, server responses > are the opposite. > >> > /interface bridge filter >> > add action=drop chain=forward disabled=no \ >> > dst-port=68 in-interface=ether1 \ >> > ip-protocol=udp mac-protocol=ip src-port=67 >> > > > -- > ******************************************************************** > * Butch Evans * Professional Network Consultation * > * http://www.butchevans.com/ * Network Engineering * > * http://store.wispgear.net/ * Wired or Wireless Networks * > * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * > * NOTE THE NEW PHONE NUMBER: 702-537-0979 * > ******************************************************************** > > > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
